DOI: 10.1145/3090354.3090393
research-article

Implementation and Performance Evaluation of Intrusion Detection Systems under high-speed networks

Published: 29 March 2017

Abstract

High-speed networks require high-performance intrusion detection systems (IDS) able to process a large amount of data in real time. We therefore have to evaluate any IDS that is going to be deployed in such an environment.
In this paper, we present an evaluation approach, based on a series of tests, that aims to measure the performance of the components of an IDS and their effects on the entire system, as well as to study the effect of the characteristics of the deployment environment on the efficiency of the IDS. To this end, we implemented the IDS SNORT on machines with different technical characteristics and designed a network to generate a set of experiments measuring the performance obtained when it is deployed in high-speed networks.
Our experiments revealed the weaknesses of the IDS in a precise way: mainly, the inability to process multiple packets and the propensity to drop packets, without analysis, in high-speed networks with heavy traffic. Our work also determined the effect of a component on the entire system and the effect of hardware characteristics on the performance of an IDS.

Cited By

  • (2023) A Comparative Analysis of Snort 3 and Suricata. 2023 IEEE IAS Global Conference on Emerging Technologies (GlobConET), pp. 1-6. DOI: 10.1109/GlobConET56651.2023.10150141. Online publication date: 19-May-2023
  • (2022) Effectiveness Evaluation of Different IDSs Using Integrated Fuzzy MCDM Model. Electronics 11:6 (859). DOI: 10.3390/electronics11060859. Online publication date: 9-Mar-2022

Published In

BDCA'17: Proceedings of the 2nd international Conference on Big Data, Cloud and Applications
March 2017
685 pages
ISBN: 9781450348522
DOI: 10.1145/3090354

In-Cooperation

  • Ministère de l'enseignement supérieur

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  1. Intrusion Detection System
  2. Packet Drop
  3. Performance Evaluation
  4. SNORT
  5. Traffic

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

BDCA'17
